1 What is claimed is: 
2 

3 1. A network-based service provider architecture, comprising: 

4 a plurality of cells hosting a multi-tiered application environment; and 

5 a common logical network layer providing network connectivity and enforcing 

6 individual access policy of each cell of the plurality of cells, wherein each cell is cormected to 

7 the common logical network layer. 
8 

9 2. The architecture of claim 1, wherein each cell comprises one or more servers or 

10 devices, the one or more servers or devices sharing network address space and access policy. 
11 

12 3. The architecture of claim 1 wherein access policy comprises rules and mechanisms 

1=^ 13 controlling the flow of data in and out of each cell. 
5 14 

15 4. The architecture of claim 1 wherein access policy comprises at least one of 

H= 16 authentication, authorization, access enforcement, privacy protections and integrity 

m 

Q 17 guarantees. 

L 1^ 

rU 19 5. The architecture of claim 1 wherein the network connectivity comprises at least one 

m 20 of a local area network function and a wide area network function, wherein the common 

Q 21 logical network layer connects cells which are geographically distant from each other. 

22 

23 6. The architecture of claim 1 wherein the network connectivity comprises connecting 

24 cells with at least one of private user networks and the Internet. 
25 

26 7. The architecture of claim 1 wherein the multi-tiered application comprises any 

27 function or service that uses resources from more than one cell. 
28 

29 8. The architecture of claim 1, wherein the multi-tiered application environment 

30 comprises infrastructure to host multiple users. 
31 

32 9. The architecture of claim 1 wherein the cells of the multi-tiered application 

33 environment comprise at least one of added value functions, system administration functions 

34 and security monitoring functions. 
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1 

2 10. The architecture of claim 1, wherein the plurality of cells comprises at least one front 

3 end cell and a back end cell, the front end cell including a web server front-end delivering 

4 content and the back end cell including a database back-end. 

5 

6 11. The architecture of claim 10, wherein the front end cell comprises at least two front 

7 end cells including a first front end cell and a second front end cell, wherein access to the first 

8 front end cell is shared by all users of the network-based service and access to the second 

9 front end cell is limited to a designated user of the network-based service. 
10 

11 12. A method for providing a network-based service, comprising: 

1 2 receiving data in a common logical network layer from at least one of a cell of a 

1 3 plurality of cells of a multi-tiered application and a network; 

14 enforcing access policy of a destination cell of the plurality of cells to which the data 

15 is directed, if the data is directed to a cell of the plurality of cells; 

16 enforcing access policy of a source cell of the plurality of cells, if the data is received 

17 from a cell of the plurality of cells; 

1 8 transmitting the data to at least one of the destination cell and the network. 

19 

20 13. The method of claim 12, wherein enforcing access policy comprises enforcing rules 

21 and mechanisms controlling the flow of data in and out of at least one of the source cell and 

22 destination cell. 

23 

24 14. The method of claim 12, wherein enforcing access policy comprises performing at 

25 least one of authentication, authorization, access enforcement, privacy protections, and 

26 integrity guarantees. 
27 
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1 15. The method of claim 12, wherein each cell of the plurality of cells comprises one or 

2 more servers or devices, the one or more servers or devices sharing network address space 

3 and access policy. 
4 
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